Wildfire Myopia

It looks like technological security isn't the only kind disorganized in government. The latest GAO report about wildfires seems like more smoke than fire:

This testimony summarizes several key actions that federal agencies need to complete or take to strengthen their management of the wildland fire program, including the need to (1) develop a long-term, cohesive strategy to reduce fuels and address wildland fire problems and (2) improve the management of their efforts to contain the costs of preparing for and responding to wildland fires.

...

For cost-containment efforts to be effective, the agencies need to integrate cost-containment goals with the other goals of the wildland fire program--such as protecting life, resources, and property--and to recognize that trade-offs will be needed to meet desired goals within the context of fiscal constraints.

— Wildland Fire Management: A Cohesive Strategy and Clear Cost-Containment Goals Are Needed for Federal Agencies to Manage Wildland Fire Activities Effectively, GAO-07-1017T, U.S. General Accounting Office, June 19, 2007

How about a strategy for integrating wildfire planning into subdivision planning, or cost allocations from homeowner wildfire insurance?

FISMA Failing

Shades of SOX complaints: the U.S. GAO reports that the Federal Information Security Management Act (FISMA) is failing:

When we go out and conduct our security control reviews at federal agencies, we often find serious and significant vulnerabilities in systems that have been certified and accredited. Part of it, I think, is just that agencies may be focusing on just trying to get the systems certified and accredited but not effectively implementing the processes that the certification and accreditation is supposed to reflect.

— Q&A: Federal info security isn't just about FISMA compliance, auditor says, Most agencies still have security gaps, according to Gregory Wilshusen, by Jaikumar Vijayan Computerworld, June 14, 2007

Sounds like they haven't implemented numerous simple security measures that were known before FISMA, they don't have processes to do so, and they don't adequately report what they're doing, even with FISMA. What to do?

Homeland Insecurity

Congress is investigating Homeland Security's internal insecurity:

...hearing, the GAO witnesses will also describe an investigation they conducted on a specific DHS network that is "riddled with significant information security control weaknesses that place sensitive and personally identifiable information at increased risk of unauthorized disclosure."

The subcommittee also plans to air some of its concerns with the DHS OneNet project, which is aimed at consolidating all of the agency's information networks under one roof, and to question a perceived lack of IT security funding by Charbo.

— Homeland Security to detail IT attacks Hearing will reveal findings of agency's internal investigation into risk of system attacks and other online threats, By Matt Hines InfoWorld, June 15, 2007

Who could have predicted that putting all information networks under one roof would make them vulnerable to attack? That would have been like predicting that making all DHS and DoD computers run one operating system would make them vulnerable to attack.

-jsq

PS: Seen via Fergie's Tech Blog

No Word?

Got my hopes up on this one:

It appears that Science, the journal of the America Association for the Advancement of Science, itself the largest scientific society in the world, has updated its authoring guidelines to include advice for Office 2007 users. The news is not good.

"Because of changes Microsoft has made in its recent Word release that are incompatible with our internal workflow, which was built around previous versions of the software, Science cannot at present accept any files in the new .docx format produced through Microsoft Word 2007, either for initial submission or for revision. Users of this release of Word should convert these files to a format compatible with Word 2003 or Word for Macintosh 2004 (or, for initial submission, to a PDF file) before submitting to Science."

— SCIENCE PUBS REJECT ARTICLES WRITTEN IN WORD 2007, by Rob Weir, Rob Weir Blog, Thursday, May 31, 2007

And here I thought maybe they were rejecting Word entirely. Ah, it could happen. Most papers in physics, mathematics, and computer science journals are already formatted in TeX, if I'm not mistaken. So there is some diversity in publishing software; it's not all a monoculture.

Meanwhile, the main reason Science rejected Word 2007 is that it is not backwards compatible with previous versions of Word, thus illustrating the Microsoft dilemma: stick with the old and retain customers, or fix problems and lose some. Not so big a dilemma with Word, perhaps. How many submittors to Science are there, as compared with business Word users? But much more of a problem for security fixes that require breaking backwards compatibility.

-jsq

Burned vs. Burned Up

Regarding the Georgia and Florida swamp and pine fires, one of the main questions is at what point does preservation offer greater economic gain than resource extraction. Looking at the big picture brings out two points:

ActionBioscience.org: The figure "$33 trillion" was once projected as the value of ecosystems globally. What do you think of this type of economic analysis?

Polasky: The $33-trillion figure refers to one of the earliest studies that was done on the value of ecosystem services. The lead author was Robert Costanza. He and his coauthors tried to get at the notion of how we can establish on a global basis what the value of ecosystem services is. They came up with a number 33 trillion [USD] plus or minus a few trillion. There are a number of problems with the study. The most basic one is the question of what you are talking about when you consider all the ecosystem services of Earth. The entire system is our life support system. So what is our life support system worth? You don’t really have to have a scientific study in order to answer that question. The real value of the study was not the $33-trillion figure, which who knows what that means, but that it spurred people to focus on these issues.

Such values can be big, and the dollar value isn't the only consideration. There is a bit of risk in that we can't do without the biosphere, and some risk management is in order. Even beyond that obvious non-dollar value, there are further questions of species diversity and esthetics. Do we really want to kill off an ecosystem when we don't really know what it's doing for us, and do we all want to live surrounded by concrete?

Microsoft RICO

Microsoft claims that I (and possibly you, dear reader) am violating 235 of its patents on Windows by running Ubuntu Linux:

After many earlier rounds of saber-rattling and FUD, Microsoft has announced that Free Software users -- including everyone who, like me, uses Ubuntu Linux -- are violating at least 235 of Microsoft's patents, though they don't say which ones. Microsoft are now threatening end users of GNU/Linux (that's you and me again) with lawsuits unless we pay them protection money. "Nice operating system you got there, it'd be a shame if something were to happen to it."

The Microsoft position is this: even if you don't use Windows, you still have to pay them as much money as they would have gotten for selling you a copy of it.

—Microsoft says GNU/Linux violates 235+ Windows patents, Cory Doctorow, BoingBoing, Monday, May 14, 2007

Microsoft did stop short of saying it would sue Linux users or its own customers:

WIldfire Precedents

I'm having a little difficulty finding historical statistics on wildfires. Here's someone's understanding:

My understanding is that the size of this fire is almost unprecedented with the exception being a fire in 1955 that consumed 58,000 acres.

The wind changed today. I can smell the smoke of my neighbor’s land again. The ash is falling again, too. Bitter snows.

— The Waycross Wildfire 2, jimmorrow, April 23, 2007

When he wrote that towards the end of April, 55,000 acres had been burnt near Waycross, Georgia.

Do or Don't

Well, you go away for the weekend, and Vista fans have a party on your blog....

While one of the commenters seems to mostly know people who like Vista, so far I haven't found anybody I know who does; could be it's who you know. Apparently Dell knows quite a few people who don't want Vista, and the Houston Chronicle talked to some of them.

The people I talk to think Ubuntu Linux is just as good as Vista, and requires fewer resources. Sort of like this opinion: except for perhaps some Windows-specific applications, why not switch to Ubuntu? Dell is also moving to supply Ubuntu as a native operating system within weeks.

Abandoning the Vista Ship

Dell started supplying Linux (without Windows) to its customers a while ago. Now it's started supplying XP instead of Vista. What does that mean?

What happened is the OEMs revolted in the background and forced Microsoft's hand. This is a big neon sign above MeII saying 'FAILURE'. Blink blink blink. OK, MeII won't fail, they have OEMs whipped and threatened into a corner, it will sell, but you can almost hear the defectors marching toward Linux. This is a watershed.

— Microsoft admits Vista failure, By Charlie Demerjian in Beijing, The Inquirer, Saturday 21 April 2007, 12:20

Demerjian says another big sign is that Gates went to China and announced a $3 price for Vista, down from about $300.

Easy Management v. Monoculture

Why would any government want to mandate monoculture, anyway?

The long-term goal for the Air Force is to have real-time standard configuration management. Heitkamp said right now Air Force software ensures that a laptop or PC connected to the network has the standard configuration every 90 minutes. The service by 2008 hopes to have the real-time enforcement running, he said.

“We are fairly good now, but we will be much better next year,” Heitkamp said. “Moving to a standard desktop is about governance and policy, not technology. Our vision is real-time desktop management.”

Ease of management. What could be wrong with that?